ForeScout Technologies, Inc., the leading provider of pervasive network security solutions for Global 2000 enterprises and government organisations, has announced that Pioneer Investments has successfully deployed ForeScout CounterACT™. The solution offers Pioneer agentless capabilities to achieve network visibility across endpoints, obtain real-time intelligence and apply policy-based controls to proactively address threats and mitigate problems with little to no impact on the business. Pioneer Investments is a global investment management firm with more than 2,000 employees and a presence in 27 countries worldwide.
“We were up and running with ForeScout CounterACT in only a couple of weeks at our main site and began pulling down fantastic intelligence almost immediately,” said Ken Pfeil, chief information security officer (CISO) at Pioneer Investments. “That alone was worth the cost of the solution, as our team was much better informed and ultimately able to make more effective decisions.”
Pioneer chose ForeScout to fortify measures to support compliance, improve operational oversight and reduce security risks. The firm wanted a security platform that could provide visibility, granular control and more flexible implementation capabilities for its wired and wireless networks – ultimately to serve as a control integration and endpoint remediation solution. In addition to its main CounterACT deployment, Pioneer is leveraging the ForeScout ControlFabric™ technology to enhance control interoperability and use its resources more effectively. For example, the company is integrating CounterACT with its existing security solutions such as Bromium, an advanced threat detection (ATD) platform. The integration helps ensure that systems are running the Bromium vSentry host-based software and that indications of compromise (IOC) properties discovered by Bromium could be applied to ForeScout CounterACT policies in order to identify and act upon threats on those systems not able to run Bromium vSentry.
“ForeScout’s ControlFabric architecture is the heart and the brains of our intelligence network. In essence, it allows us to use CounterACT as a cornerstone technology, bringing together disparate security solutions and significantly improving our ability to manage our security infrastructure,” said Pfeil. “From an interoperability perspective, just the fact that we are able to see certain events from our other security devices that we normally wouldn’t have noticed within the native environment is significant – we now see these events applied to a particular policy, or we see a specific condition, either at the network or at the client level, that we hadn’t seen before.”
Key benefits Pioneer realised by deploying CounterACT include:
• Automation, Time and Cost Savings – The ease of management, and high level of support offered by ForeScout saves the IT department at Pioneer significant man-hours in maintaining the solution.
• Continuous Monitoring and Mitigation – CounterACT’s real-time visibility and policy-based mitigation capabilities help Pioneer identify and address issues in near real-time.
• Integrated Intelligence and Control – With ForeScout’s ControlFabric architecture, Pioneer is able to integrate its existing security solutions with CounterACT, allowing Pioneer to take a more active and holistic approach to network security. This ensures the IT team does not have to micromanage multiple disparate security solutions.
When asked to explain Pioneer’s CounterACT installation in more detail, to help other companies who are interested in deploying the solution, Pfeil commented, “In the first couple of weeks we had it rolled out globally. With ForeScout, we did not have to take a piecemeal deployment because it was not inline, had agentless options, and worked with our wired and wireless implementation. At first, we set up standard policies in monitor-only mode and were doing logging and informational analysis. We weren’t doing any blocking on policy at that point, but we were using it to inform us. Literally, we were up in a couple of weeks at our main site and got fantastic intelligence. That alone was worth the cost [of the solution] as our team was better informed to make decisions.”
Pfeil continued, “The product allows our team to see an issue and take action on demand or within the policy. We then stepped up policy enforcement and endpoint remediation such as port blocking, updates and things of that nature. About 10 months ago we began working on broader integration with all of our security products and it’s going very, very well. I’m quite happy with the policies and the compliance that we’ve been able to achieve and we’ve got an even better roadmap going forward with the integrations for other systems like Bromium.”
SANS WhatWorks Whitepaper – Pioneer Investments